In web_ui.py, in the AccountModule class is a function _reset_password, which can return an error. _do_reset_password always ignores the error, and instead reports success to the user. As far as I can tell, these errors are always ignored.

This then makes it extremely difficult to diagnose other problems with password reset.

Ensure proper configuration for SessionStore and derived classes, and
properly disable password reset functionality in AccountModule as well, if
it can't work due to either ResetPwStore being disabled entirely or just
missing the configured IPasswordHashMethod implementation.

one for acct_mgr.LoginModule, that is relevant if used with web-servers,
that evaluate the REMOTE_USER environment variable.

Changeset [12468] is included, that may require a Trac db fix-up.
Run python ./contrib/fix-session_attribute-failed_logins.py <env> once on any
Trac environment, that had account locking enabled with time constraints
before.

Add Comment

This ticket has been modified since you started editing. You should review the
other modifications which have been appended above,
and any conflicts shown in the preview below.
You can nevertheless proceed and submit your changes if you wish so.